Details | |
---|---|
Alert ID | 40040-3 |
Alert Type | Active |
Status | beta |
Risk | High |
CWE | 942 |
WASC | 14 |
Technologies Targeted | All |
Tags |
CWE-942 OWASP_2017_A05 OWASP_2021_A01 POLICY_QA_FULL POLICY_QA_STD WSTG-V42-CLNT-07 |
More Info |
Scan Rule Help |
Summary
This CORS misconfiguration could allow an attacker to perform AJAX queries to the vulnerable website from a malicious page loaded by the victim’s user agent. In order to perform authenticated AJAX queries, the server must specify the header “Access-Control-Allow-Credentials: true” and the “Access-Control-Allow-Origin” header must be set to null or the malicious page’s domain. Even if this misconfiguration doesn’t allow authenticated AJAX requests, unauthenticated sensitive content can still be accessed (e.g intranet websites). A malicious page can belong to a malicious website but also a trusted website with flaws (e.g XSS, support of HTTP without TLS allowing code injection through MITM, etc).